You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 7-8.RSVP
Sign inDemoInstall


Package Overview
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies



Nexera ID Identity Verification SDK

Version published



NexeraID Identity SDK

  • NexeraID Identity SDK, written in TypeScript.

How to install

npm install @nexeraid/identity-sdk

First steps

  • You need to provide NexeraID Team with the Web App domain and a Webhook
  • You need to provide NexeraID with the required rules
  • NexeraID Team will provide to you with an API_KEY and a RULE_ID

How to use

Server app
   * Get access token
   * This has to be done from secured server, to avoid leaking API_KEY
  const response = await fetch('', {
    body: JSON.stringify({ address }),
    headers: {
      'Content-Type': 'application/json',
      'Authorization': `Bearer ${API_KEY}`
    method: 'POST'
  const { accessToken } = await response.json()

   * Handle data from webhook
   * At the defined webhook endpoint, each time an user shares data with you, data with format
   * {
   *   address: '0x0000000000000000000000000000000000000000',
   *   data: {
   *     ...
   *   }
   *  }

  // Assuming you have this data in some variable named input
  const response = await fetch('', {
    body: JSON.stringify({
      address: input.address,
      policyId: `${POLICY_ID}`,
    headers: {
      'Content-Type': 'application/json',
      'Authorization': `Bearer ${API_KEY}`
    method: 'POST'
   * Validation result structure could vary according the required rules defined, but it will
   * have the necessary flags that determine whether or not the user meets the requirements.
  const validationResult = await response.json()
Web app
Initialize client
  // instantiate IdentityClient
const IDENTITY_CLIENT = new IdentityClient({

// or

// default value is prod
const IDENTITY_CLIENT = new IdentityClient();

// configure identity flow callbacks

// mandatory onSignPersonalData callback
IDENTITY_CLIENT.onSignMessage(async (data: string) => {
    // make user sign data with wallet, and return result
    return await signMessageAsync({message: data})

// (optional) Sign a transaction sended to the client, required to retunr the txHash
IDENTITY_CLIENT.onSendTransaction(async (data) => {
  return await walletClient?.sendTransaction({
    account: data.accountAddress as Address,
    to: as Address,
    data: as Address,
    value: data.value ? parseEther(data.value) : parseEther("0"),

// build signing message, needed to safety store identity in user's browser, and address should be in lowercase, to allow compatibility cross applications
const signingMessage = IdentityClient.buildSignatureMessage(address)
const signature = await signMessageAsync({message: signingMessage})
// here you need to get access token from your server, which will call our backend as we explained in the Server app section
const accessToken = getAccessTokenFromYourServer(address)

// Initialize iframe (hidden) with ky-app and starts listening for events
await IDENTITY_CLIENT.init({
      accessToken: kycAuth.accessToken,
      signature: kycAuth.signature,
      signingMessage: kycAuth.signingMessage,
On Chain Verification Integration
const isAllowed = await IDENTITY_CLIENT.isUserAllowedForEntrypoint(userAddress);
IDENTITY_CLIENT.onVerification((isAllowed) => {
Transaction Data Authorization Signature

This endpoint is used to retrieve a signature from the Nexera API in order to authorize a contract call gated with our Tx Auth Data Signature feature.

// Tx Auth Input
// with our example Gated NFT Minter
const txAuthInput = {
  contractAbi: ExampleGatedNFTMinterABI,
  contractAddress: ExampleGatedNFTMinterAddress_polygonAmoy,
  functionName: "mintNFTGated",
  args: [recipientAddress],
  // optional inputs, useful for testing with a local network

// Get signature Response
const signatureResponse: GetTxAuthDataSignatureResponse = await IDENTITY_CLIENT.getTxAuthSignature(txAuthInput);

// This is what the response looks
export const GetTxAuthDataSignatureResponse = z.object({
  signature: Signature.optional(),
  blockExpiration: z.number().optional(),
  isAuthorized: z.boolean(),
export type GetTxAuthDataSignatureResponse = z.infer<
  typeof GetTxAuthDataSignatureResponse
Third party integrations

Make sure to run the init flow before this.

const credentials = await IDENTITY_CLIENT.getStoredCredentials(
  { type: "getCredentials", data: undefined }, // data will be able to add filters later

Note: the following functions follow the iden3comm standard

auth handles AuthorizationRequestMessage : generates a zk-request for the given inputs and automatically calls verify endpoint with zk-proof generated with the wallet

import type { AuthorizationRequestMessage } from "@nexeraprotocol/nexera-id-schemas";
const authRequest: AuthorizationRequestMessage = {...}
await IDENTITY_CLIENT.polygonIdRequest(
  { type: "auth", authRequest}

credentialRequest ZeroKnowledgeProofRequest: generates a zk-request for the given inputs

import type {ZKPRequest} from "@nexeraprotocol/nexera-id-schemas";

const zkpRequest: ZKPRequest = {...}
await IDENTITY_CLIENT.polygonIdRequest(
    {type: "zkp", zkpRequest: zkpRequest}

credentialOffer handles CredentialOffer object in string format: adds a crdential to the polygon wallet (sent from a third party)

const authRequest:string="{...}"
await IDENTITY_CLIENT.polygonIdRequest(
  { type: "credentialOffer", credentialOfferRequest }
Display Verify/management iframe

Make sure to run the init flow before this

// finally, once accessToken, signingMessage and signature ready, IdentityClient flow can be triggered



Package last updated on 03 Jul 2024

Did you know?


Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.


Related posts

SocketSocket SOC 2 Logo


  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog


Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc